The Cookie Law

by Dave Langdale on May 28, 2012

Britain’s last-minute change, what you need to know and the Beeb’s ideal solution.

Whether you’re a casual blogger, an online retailer or an SEO expert, you won’t have failed to notice the sudden appearance of cookie-related messages across many of the UK’s biggest websites. But what do they mean, what do you have to worry about and where do you even start? That’s what this post is all about – the cookie law. So let’s get on with it.

What Is It?

On 26 May 2011, the Information Commissioner’s Office (ICO) gave companies a year’s grace to comply with policy changes on the use of cookies in their websites. In order to protect consumers’ data, sites were required by law to ask consumers to accept the use of cookies before the sites were allowed to collect any data.

These cookies are generally safe, only used for collecting data for Google Analytics and remembering the data from forms you’ve filled in so you don’t have to fill them in every time.

But, as with any society, there are some bad apples. This law has been put in place mainly to penalise the use of cookies that try to store as much consumer data as possible, such as names, addresses and contact details, which are then sold to other companies.

You may think a year is long enough to comply with this, but thousands of organisations have been struggling to work out how to implement this policy. However, the British ICO has just made that a whole lot easier.

What Britain Did

About 48 hours before the year’s grace was up, the British ICO changed the policy to say that consent is now implied as long as users can easily understand what this means.

This is huge, because it basically means we’re disagreeing with the EU directive. Indeed, the British ICO Blog states that “there is no one size fits all approach” and that it’s up to individual organisations to devise their own solution.

Implied consent seems like a more sensible approach to a wholly impractical law. But it does mean that we as a country are now out of sync with EU law, which could mean the British ICO may face future battles with EU courts.

So What Do You Actually Have to Do?

With the British ICO changing their policy and the original EU policy murkier than the Thames, you can be forgiven for being utterly nonplussed about what you need to do.

The main thing we suggest is don’t panic: the ICO have made it clear that they are planning to work with 50 of the UK’s top sites, not only to make sure they’re complying but to help them do so. So, until these ‘role models’ have finished deciding their approach, it is unlikely that the ICO will start handing out fines to everyone. Also, as 95% of the internet’s companies are currently in breach of this legislation, it’s more likely that the approach to this will develop over a long period of time.

The good thing about the ICO’s decision to aid the top sites in making their policy visible is that we have a range of solutions to choose from. Here are a few we’ve picked out:

The Guardian have chosen the minimalist approach of stating that, by continuing to use the site, acceptance of cookie use is automatic.

BT have gone for a floaty text box that disappears after a few seconds and advises automatic allowance unless you change it.

The Telegraph seem to have gone for an even simpler version of implied consent by just making their privacy policy available in the header if anyone wants to read it. Time will tell if the ICO think this is enough.

The Beeb has by far the most exhaustive solution: the BBC has not only put up a handy header banner to explain their policy, but you can also access an on-site cookie management tool that allows you to restrict which cookies you store.

So there you have it. The UK’s biggest sites have a whole range of cookie compliance options for you to investigate. While the BBC might have the ideal solution for the ICO, in terms of accessible knowledge and a rigorous restriction tool, this might not be feasible for every site. In that case, something along the lines of The Telegraph’s site might work better.

The bottom line really is not to freak out. It’s going to be a long haul getting a compliant internet, a task we certainly don’t envy. Until then, it appears to be up to the top 50 or so sites to set the benchmark and, as long as you comply in some way, you can sit back and see if the site you emulated passes the ICO test.